Date: Sat, 22 Nov 2008 01:13:36 +0800
From: "Salvador III Manaois" <badzmanaois@...il.com>
To: "Bipin Gautam" <bipin.gautam@...il.com>, full-disclosure@...ts.grok.org.uk
Cc: webmaster@...cert.gov
Subject: Re: Fwd: Comment on: USB devices spreading viruses

...or super-glue your USB ports.

SRP is one possible solution as mentioned by Bipin. Or only allow
signed scripts to run. Disable USB storage via group policy or through
third-party solutions like DeviceLock.

Or, (shameless plug alert) try this tweak (have it signed if your
environment only allows signed scripts to execute):

http://badzmanaois.blogspot.com/2008/09/disable-usb-storage-using-vbs-script_07.html

...badz...
Bytes & Badz: http://badzmanaois.blogspot.com

On Sat, Nov 22, 2008 at 12:57 AM, Bipin Gautam <bipin.gautam@...il.com> wrote:
> USB / FLOPPY are attractive means for virus/worm to propagate. Here is
> a workaround to stop a successful infection from happening (well ~99%
> of the time at least)
>
> 1. If you don't use wscript.exe, disable/rename it.
>
> 2. Start menu > Control Panel > Administrative Tools > Local Security
> Policy > Software Restriction Policy > Additional Rules
>
> say if c:\ d:\ and e:\ are your fixed drives then....
>
> right click additional rules > create path rule and create path rule
> [DISALLOWED AS]
>
> c:\*.*
> d:\*.*
> e:\*.*
>
> // why let anything execute from the root of fixed drives.
>
> for all other drives (removable/non existing) from a - z do as
> a:\
> b:\
> f:\
> g:\
> ........and so on. Why let anything execute from removable drive
> unless you are 100% sure the pendrive is clean and from a trusted
> source only.
>
> always have file extension and hidden/protected system file to "show
> by default" from folder option.
>
> Well, this is it. From personal experience I assure the above should
> be the BEST solution for this problem and an extra layer of defense if
> AV fails to detect it.
>
> thanks,
> -bipin
>
>
> On 11/21/08, n3td3v <xploitable@...il.com> wrote:
>> ---------- Forwarded message ----------
>> From: n3td3v <xploitable@...il.com>
>> Date: Fri, Nov 21, 2008 at 1:11 AM
>> Subject: Comment on: USB devices spreading viruses
>> To: n3td3v <n3td3v@...glegroups.com>
>>
>>
>> by n3td3v November 20, 2008 5:08 PM PST
>>
>> "Meanwhile, the U.S. Department of Defense has temporarily banned the
>> use of thumb drives, CDs, and other removable storage devices because
>> of the spread of the Agent.bzt virus..."
>>
>> There is no security through obscurity.
>>
>> http://news.cnet.com/8618-1009_3-10104496.html?communityId=2114&targetCommunityId=2114&blogId=83&messageId=5043948&tag=mncol;tback
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> --
> x-no-archive: yes
>
>
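
An audit of the path-rule scheme quoted above, as an added example that is not part of the original messages or of the linked VBS script. It assumes C, D and E are the fixed drives (as in the quoted message) and that the rules were created through Local Security Policy; the USBSTOR check reflects the common registry method of disabling USB storage, which may differ from what the linked script does.

```powershell
# Assumption: C, D and E are the fixed drives, as in the quoted message.
$fixed = 'C', 'D', 'E'

# SRP path rules are stored per security level; level 0 is "Disallowed".
# Each rule is a GUID subkey whose ItemData value holds the path.
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'
$rules = @()
if (Test-Path $srpKey) {
    $rules = @(Get-ChildItem $srpKey | ForEach-Object {
        (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ItemData
    } | Where-Object { $_ } | ForEach-Object { $_.ToLower().TrimEnd('\') })
}

# Expected rule per letter: root-only wildcard (c:\*.*) for fixed drives,
# the whole drive (f:\) for every removable or non-existing letter.
$missing = foreach ($code in 65..90) {
    $letter = [string][char]$code
    $expected = if ($fixed -contains $letter) { "${letter}:\*.*" } else { "${letter}:\" }
    if ($rules -notcontains $expected.ToLower().TrimEnd('\')) { $expected }
}

if ($missing) {
    'Drive letters without a Disallowed path rule:'
    $missing
} else {
    'All 26 drive letters have a Disallowed path rule.'
}

# USB mass-storage driver start type: 4 means the driver is disabled.
$usbKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$usb = Get-ItemProperty -Path $usbKey -ErrorAction SilentlyContinue
if ($null -eq $usb) {
    'USBSTOR service key not found.'
} elseif ($usb.Start -eq 4) {
    'USB storage driver is disabled (Start=4).'
} else {
    "USB storage driver is enabled (Start=$($usb.Start))."
}
```

The script only reads the registry, so it can be run on a sample of workstations to confirm the policy actually landed before relying on it.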
